Question 1: The PHI of 600 patients in Tennessee was breached. Who should be notified?
a. HHS secretary
b. Patients involved
c. Media
d. All of the above
Your Answer
All of the above
Feedback
All of these need to be notified.
Question 2: Which use/disclosure of PHI is allowed under the HIPAA Privacy Rule?
a. Releasing information about a celebrity patient to the media
b. Requesting unnecessary information about a patient out of curiosity
c. Discussing a patient's case with a provider involved in the patient's care
d. Chatting about a patient with a provider not involved in the patient's care
Your Answer
Discussing a patient's case with a provider involved in the patient's care
Feedback
PHI should be disclosed only to those with a need to know, such as providers involved in the patient's care.
Question 3: Which disclosure/use of PHI is allowed under the HIPAA Privacy Rule?
a. Releasing a patient's PHI to the patient when he or she requests access
b. Releasing a patient's PHI to the media when the media requests access
c. Releasing a patient's PHI to the patient's best friend when the friend requests access
d. Releasing a patient's PHI to the patient's co-workers when the co-workers request access
Your Answer
Releasing a patient's PHI to the patient when he or she requests access
Feedback
PHI must be released to a patient when he or she requests access. Friends, co-workers, and the media should not be given access to PHI, unless the patient provides clear, written permission.
Question 4: Which of the following is a technical safeguard for PHI?
a. Removing electronic PHI from media before media reuse
b. Ensuring that PHI sent electronically is not changed improperly
c. Controlling physical access to workstations
d. Authorizing and/or supervising employees who work with electronic PHI
Your Answer
Ensuring that PHI sent electronically is not changed improperly
Feedback
A technical safeguard for PHI required under HIPAA is integrity control: measures for ensuring that 1) PHI sent electronically is not changed improperly and 2) any improper changes will be detected.
Question 5: What is the civil penalty for unknowingly violating HIPAA?
a. $1000 to $50,000
b. $112 to $55,910
c. At least $50,000
d. $10,000 to $50,000
Your Answer
$112 to $55,910
Feedback
The civil penalty for unknowingly violating HIPAA is $112 to $55,910.
Question 6: All healthcare providers must obtain a National Provider Identification (NPI) to be used for all HIPAA standardized transactions.
a. True
b. False
Your Answer
True
Feedback
Healthcare providers must obtain and use a National Provider Identifier (NPI) issued by the National Provider System for all HIPAA standardized transactions.
Question 7: A patient who pays for 100% of treatment out of pocket can stop disclosure of this information to his/her insurer.
a. True
b. False
Your Answer
True
Feedback
Patients can restrict disclosure if they pay 100% out of pocket.
Question 8: A hospital employee obtains PHI without authorization. He/she may be criminally liable for the violation.
a. True
b. False
Your Answer
True
Feedback
Employees may be liable for HIPAA violations.
Question 9: The HITECH Act did all of the following except:
a. Encourage development of electronic health record systems
b. Strengthen privacy and security standards
c. Decrease the civil penalty for unknowingly disclosing PHI
d. Establish a national data security breach notification law
Your Answer
Decrease the civil penalty for unknowingly disclosing PHI
Feedback
The HITECH Act did not decrease the civil penalties for unknowingly disclosing PHI.
Question 10: Under the HIPAA Privacy Rule, which use/disclosure of PHI is acceptable?
a. Providers gossip about a patient in a public area
b. A limited dataset is released for research purposes
c. A patient tells her providers that her children should not be informed of her condition. Her children are informed anyway
d. A patient specifies that a filled prescription should not be released to his wife. The pharmacy dispenses the prescription to his wife anyway
Your Answer
A limited dataset is released for research purposes.
Feedback
A limited dataset consists of PHI with patient identifiers removed. Limited datasets may be released for purposes of research, healthcare operations, or public health activities.
Question 11: Which statement is true of an organization that sends and/or receives PHI electronically?
a. The organization is a covered entity under HIPAA
b. The organization is exempt from HIPAA requirements
c. The organization may choose whether or not to follow HIPAA
d. The organization is required to follow only the HIPAA privacy rule
Your Answer
The organization is a covered entity under HIPAA.
Feedback
An organization must follow HIPAA if the organization's business activities involve sending and/or receiving PHI electronically.
Question 12: Which of the following is an administrative safeguard for PHI?
a. Removing electronic PHI from media before media reuse
b. Ensuring that PHI sent electronically is not changed improperly
c. Controlling physical access to workstations with access to electronic PHI
d. Authorizing and/or supervising employees who work with electronic PHI
Your Answer
Authorizing and/or supervising employees who work with electronic PHI
Feedback
An administrative safeguard for PHI, required under HIPAA, is authorization and/or supervision of employees with access to PHI.